/// <summary>
/// Copies <paramref name="length"/> bytes inside the debuggee process from
/// <paramref name="srcAddress"/> to <paramref name="dstAddress"/>, in chunks of at most 4096 bytes.
/// </summary>
/// <param name="stackFrame">Stack frame used to resolve the debuggee process.</param>
/// <param name="dstAddress">Destination address in the debuggee.</param>
/// <param name="srcAddress">Source address in the debuggee.</param>
/// <param name="length">Number of bytes to copy; zero copies nothing and returns true.</param>
/// <returns>
/// True when every chunk was read completely and written; false as soon as a read returns fewer
/// bytes than requested. Chunks written before the short read stay written.
/// </returns>
/// <remarks>
/// Neither address range is validated here, and <paramref name="length"/> is not checked for
/// negative values (the buffer allocation rejects those with an exception). The copy runs forward
/// chunk by chunk, so overlapping ranges with the destination above the source are presumably
/// not copied correctly - confirm callers never pass overlapping regions.
/// </remarks>
public static bool ProcMemoryCopy(StackFrame stackFrame, long dstAddress, long srcAddress, long length)
{
    var process = DkmMethods.GetDkmProcess(stackFrame);
    var chunk = new byte[Math.Min(length, 4096)];

    long remaining = length;
    long readCursor = srcAddress;
    long writeCursor = dstAddress;

    while (remaining > 0)
    {
        // The final chunk may be shorter than the buffer; ReadMemory/WriteMemory take the
        // whole array, so shrink the array to the exact byte count still outstanding.
        if (remaining < chunk.Length)
        {
            Array.Resize(ref chunk, (int)remaining);
        }

        var bytesRead = process.ReadMemory((ulong)readCursor, DkmReadMemoryFlags.None, chunk);
        if (bytesRead != chunk.Length)
        {
            // Short read: stop before writing a partially filled chunk.
            return false;
        }

        process.WriteMemory((ulong)writeCursor, chunk);

        readCursor += bytesRead;
        writeCursor += bytesRead;
        remaining -= bytesRead;
    }

    return true;
}
/// <summary>
/// Dumps <paramref name="lengthToRead"/> bytes of debuggee memory starting at
/// <paramref name="fromAddress"/> into <paramref name="fileName"/>, in chunks of at most 4096 bytes.
/// </summary>
/// <param name="fileName">Path handed to <see cref="FileStream"/> as given; it is not validated here.</param>
/// <param name="stackFrame">Stack frame used to resolve the debuggee process.</param>
/// <param name="fromAddress">Start address in the debuggee.</param>
/// <param name="lengthToRead">Number of bytes to dump.</param>
/// <param name="fileMode">
/// How the file is opened. The default, <see cref="FileMode.Create"/>, replaces an existing file.
/// </param>
/// <returns>
/// True when all requested bytes were written; false when a read returned fewer bytes than
/// requested. In that case the file keeps the chunks written so far.
/// </returns>
/// <remarks>
/// The output is a raw copy of process memory and may hold whatever secrets the debuggee held;
/// callers choose the path, so where the dump lands and who can read it is their responsibility.
/// </remarks>
public static bool WriteMemoryToFile(string fileName, StackFrame stackFrame, long fromAddress, long lengthToRead, FileMode fileMode = FileMode.Create)
{
    var process = DkmMethods.GetDkmProcess(stackFrame);
    long remaining = lengthToRead;
    long cursor = fromAddress;

    using (var output = new FileStream(fileName, fileMode))
    {
        var chunk = new byte[Math.Min(remaining, 4096)];

        while (remaining > 0)
        {
            // Shrink the array for the final chunk so the read asks for exactly what is left.
            if (remaining < chunk.Length)
            {
                Array.Resize(ref chunk, (int)remaining);
            }

            var bytesRead = process.ReadMemory((ulong)cursor, DkmReadMemoryFlags.None, chunk);
            if (bytesRead != chunk.Length)
            {
                // Short read: give up; the using block still closes the file.
                return false;
            }

            output.Write(chunk, 0, bytesRead);

            cursor += bytesRead;
            remaining -= bytesRead;
        }
    }

    return remaining == 0;
}
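/// <summary>
/// Writes up to <paramref name="lengthToWrite"/> bytes from <paramref name="fileName"/> into
/// debuggee memory starting at <paramref name="fromAddress"/>, in blocks of at most
/// MAXIMUM_BLOCK_SIZE bytes.
/// </summary>
/// <param name="fileName">File to read; opened read-only.</param>
/// <param name="stackFrame">Stack frame used to resolve the debuggee process.</param>
/// <param name="fromAddress">Destination address in the debuggee.</param>
/// <param name="lengthToWrite">Number of bytes to transfer; zero transfers nothing and returns true.</param>
/// <returns>
/// True when all requested bytes were written; false when the file ends first. Blocks written
/// before the end of the file was reached stay written.
/// </returns>
/// <remarks>
/// Nothing here checks that the destination region is at least <paramref name="lengthToWrite"/>
/// bytes long; the caller must size the target allocation before calling.
/// </remarks>
public static bool LoadFileToMemory(string fileName, StackFrame stackFrame, long fromAddress, long lengthToWrite)
{
    var process = DkmMethods.GetDkmProcess(stackFrame);

    // Only reading is needed, so request read access; the two-argument constructor asks for
    // read/write access and fails on files the user can read but not modify.
    using (var fs = new FileStream(fileName, FileMode.Open, FileAccess.Read))
    {
        var readBuffer = new byte[Math.Min(lengthToWrite, MAXIMUM_BLOCK_SIZE)];

        while (lengthToWrite > 0)
        {
            // Clamp in 64-bit arithmetic before narrowing. Casting lengthToWrite to int first
            // wraps for lengths above int.MaxValue, which yields a zero or negative read count.
            var wanted = (int)Math.Min(lengthToWrite, readBuffer.Length);

            var readBytes = fs.Read(readBuffer, 0, wanted);
            if (0 == readBytes)
            {
                // End of file before the requested length was transferred.
                return false;
            }

            // WriteMemory writes the whole array, so a short read needs an exact-size copy.
            var writeBuffer = readBuffer;
            if (readBytes != readBuffer.Length)
            {
                writeBuffer = new byte[readBytes];
                Buffer.BlockCopy(readBuffer, 0, writeBuffer, 0, readBytes);
            }

            process.WriteMemory((ulong)fromAddress, writeBuffer);

            fromAddress += writeBuffer.Length;
            lengthToWrite -= writeBuffer.Length;
        }
    }

    return true;
}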
/// <summary>
/// Releases a virtual memory region in the debuggee process.
/// </summary>
/// <param name="stackFrame">Stack frame used to resolve the debuggee process.</param>
/// <param name="address">
/// Address of the region to release. It is passed through unchecked; presumably it must be a
/// base address returned earlier by an allocation such as ProcAlloc - confirm against callers.
/// </param>
/// <remarks>
/// The region is released with size 0 and MEM_RELEASE. Nothing here checks whether the debuggee
/// still uses the region.
/// </remarks>
public static void ProcFree(StackFrame stackFrame, long address)
{
    const int MemRelease = 0x8000; // MEM_RELEASE

    var target = DkmMethods.GetDkmProcess(stackFrame);
    target.FreeVirtualMemory((ulong)address, 0, MemRelease);
}
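/// <summary>
/// Allocates a committed, read/write virtual memory region in the debuggee process.
/// </summary>
/// <param name="stackFrame">Stack frame used to resolve the debuggee process.</param>
/// <param name="size">Size of the region in bytes; must fit in a 32-bit signed integer.</param>
/// <returns>The value returned by AllocateVirtualMemory for the new region.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="size"/> is negative or larger than <see cref="int.MaxValue"/>.
/// </exception>
/// <remarks>
/// The allocation call takes a 32-bit size. Narrowing a larger value silently would allocate a
/// smaller region than the caller asked for, and later writes sized by the original value would
/// run past it, so out-of-range sizes are rejected instead of truncated.
/// </remarks>
public static ulong ProcAlloc(StackFrame stackFrame, long size)
{
    if (size < 0 || size > int.MaxValue)
    {
        throw new ArgumentOutOfRangeException("size", size, "Allocation size must be between 0 and int.MaxValue bytes.");
    }

    var process = DkmMethods.GetDkmProcess(stackFrame);

    return process.AllocateVirtualMemory(
        0,
        (int)size, // lossless: range-checked above
        0x3000,    // MEM_COMMIT | MEM_RESERVE
        0x04       // PAGE_READWRITE
    );
}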
/// <summary>
/// Fills <paramref name="length"/> bytes of debuggee memory starting at
/// <paramref name="dstAddress"/> with <paramref name="val"/>, in chunks of at most 4096 bytes.
/// </summary>
/// <param name="stackFrame">Stack frame used to resolve the debuggee process.</param>
/// <param name="dstAddress">Destination address in the debuggee.</param>
/// <param name="val">Byte value to write.</param>
/// <param name="length">Number of bytes to fill; zero writes nothing and returns true.</param>
/// <returns>True once the remaining byte count has reached zero.</returns>
/// <remarks>
/// The destination range is not validated here, and <paramref name="length"/> is not checked for
/// negative values (the buffer allocation rejects those with an exception).
/// </remarks>
public static bool ProcMemset(StackFrame stackFrame, long dstAddress, byte val, long length)
{
    var process = DkmMethods.GetDkmProcess(stackFrame);

    // Build one pre-filled pattern block and reuse it for every chunk.
    var pattern = new byte[Math.Min(length, 4096)];
    int index = 0;
    while (index < pattern.Length)
    {
        pattern[index] = val;
        ++index;
    }

    long remaining = length;
    long cursor = dstAddress;

    while (remaining > 0)
    {
        // WriteMemory writes the whole array, so trim it for the final chunk.
        // Array.Resize keeps the existing fill bytes.
        if (remaining < pattern.Length)
        {
            Array.Resize(ref pattern, (int)remaining);
        }

        process.WriteMemory((ulong)cursor, pattern);

        remaining -= pattern.Length;
        cursor += pattern.Length;
    }

    return remaining == 0;
}